On 11 Jan 2001, at 11:47, Jim Reid wrote:
> >>>>> "ed" == ed <[EMAIL PROTECTED]> writes:
>
> ed> This issue is important to me because I teach both dns and
> ed> firewall courses. Normally, I would suggest to students that
> ed> they block all ports below 1024 (except 53) for packets sent
> ed> to the dns server. Now, this data makes me wonder if we're
> ed> turning away good guys or bad guys.
>
> ed> What's the official position on resolvers and ephemeral ports?
>
> I don't think there is one.
<snip>
> And what if a privileged UNIX application uses a port
> number less than 1024 to query the name server?
This is a compelling argument. You've convinced me. We
simply cannot filter dns packets on the source port.
Thanks,
Ed
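An added example, not part of the thread, that checks the two filtering policies discussed above against a constructed set of packets; the packet names, port numbers and the bindresvport()-style reserved source port are assumptions:

```python
# Simulates Ed's source-port rule beside a rule that keys on the destination
# port instead, as the thread's argument suggests. All packets are constructed.
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    sport: int   # client's source port
    dport: int   # destination port on the name server host


def source_port_policy(pkt: Packet) -> bool:
    """Ed's original rule: drop packets to the DNS server whose source port
    is below 1024, unless that source port is 53 (server-to-server queries)."""
    return not (pkt.sport < 1024 and pkt.sport != DNS_PORT)


def destination_port_policy(pkt: Packet) -> bool:
    """Rule that follows from Jim Reid's point: admit traffic to the name
    server by protocol and destination port; ignore the client's source port."""
    return pkt.proto in ("udp", "tcp") and pkt.dport == DNS_PORT


# Constructed sample traffic. The privileged application binds a reserved port
# (assumed 1023, as bindresvport() on a UNIX system might) and is a legitimate client.
SAMPLE_PACKETS = {
    "stub resolver, ephemeral port": Packet("udp", 34567, 53),
    "forwarding server, source 53": Packet("udp", 53, 53),
    "privileged app, reserved port": Packet("udp", 1023, 53),
    "zone transfer over tcp": Packet("tcp", 45321, 53),
    # Not DNS at all; the source-port rule says nothing about it, the
    # destination-port rule rejects it.
    "telnet attempt at dns host": Packet("tcp", 40000, 23),
}


def evaluate(policy):
    """Map each sample packet name to True (permitted) or False (dropped)."""
    return {name: policy(pkt) for name, pkt in SAMPLE_PACKETS.items()}


def dropped_legitimate(policy):
    """Names of packets actually bound for port 53 that the policy drops."""
    return sorted(name for name, pkt in SAMPLE_PACKETS.items()
                  if pkt.dport == DNS_PORT and not policy(pkt))


if __name__ == "__main__":
    for label, policy in (("source-port", source_port_policy),
                          ("destination-port", destination_port_policy)):
        print(label, "drops:", dropped_legitimate(policy))
```

The source-port rule turns away the privileged client while the destination-port rule admits every query and still rejects the non-DNS packet.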